2 matches found
@accordproject/concerto-analysis contains malware after npm account takeover
On November 24th 2025, a new supply chain attack called Shai-Hulud 2.0 was launched. This package contains the malicious code that attempts to harvest credentials and infect GitHub and npm repositories. The malicious software executes during the pre-install phase and attempts to harvest credentia...
MAL-2025-29612 Malicious code in preinstall (npm)
The package preinstall was found to contain malicious code...